Nextdoor Holdings, Inc. - (KIND)
10-K Filing Date: February 27, 2024
Item 1C. Cybersecurity
Risk Management and Strategy
Our cybersecurity policies, standards, processes and practices are based on applicable laws and regulations and informed by industry standards and industry-recognized practices. Our strategy to assess, identify, and manage material cybersecurity risks is through a comprehensive, cross-functional approach that is focused on preserving the confidentiality, security, and availability of our information systems and data. We implement security measures and processes to identify, prevent, and mitigate cybersecurity threats and to effectively respond to cybersecurity incidents when they occur. Our cyber risk management includes: (1) enterprise risk management to identify top cybersecurity risks; (2) vulnerability management to identify software vulnerabilities and risks related to compute infrastructure; (3) vendor risk management to identify risks related to third parties and business partners, which includes pre-engagement review, use of contractual security provisions, and continued monitoring, as applicable; (4) privacy risk management to identify privacy risks in our product and platforms and ensure regulatory compliance; (5) security monitoring to analyze and assess threat activity in real time; and (6) security incident response to investigate, respond to, and mitigate cyber threats. We regularly engage third parties to identify risks in our underlying software and infrastructure, to provide threat intelligence, and to assist in triaging, identifying, and responding to cyber threats.
In 2023, we did not identify any cybersecurity threats that have materially affected or are reasonably likely to materially affect our business strategy, results of operations, or financial condition. However, despite our efforts, we cannot eliminate all risks from cybersecurity threats, or provide assurances that we have not experienced undetected cybersecurity incidents. For more information regarding cybersecurity risks that we face and potential impacts on our business related thereto, see the section entitled “Risk Factors — Security breaches, including improper access to or disclosure of our data or our neighbors’ data, or other hacking and phishing attacks on our or third-party systems, could harm our reputation and adversely affect our business.”
Governance
Our Board of Directors maintains oversight of risks from cybersecurity threats by meeting with and receiving periodic updates from our Chief Information Security Officer (“CISO”), via our Audit & Risk Committee, which is assigned oversight of cybersecurity risks. Our Audit & Risk Committee is responsible for ensuring that management has processes in place designed to identify and evaluate cybersecurity risks to which the company is exposed and to implement processes and programs to manage cybersecurity risks and mitigate cybersecurity incidents.
Our CISO has over 20 years of experience in technology and cybersecurity, including senior leadership roles in software security, penetration testing, and incident response. Our CISO attained and maintains multiple security certifications including CISSP (Certified Information Security Professional). Prior to Nextdoor, our CISO led Software Security at the Federal Reserve’s National Incident Response Team.